Ethereal's OID printing routine was susceptible to an off-by-one error.

The COPS dissector could overflow a buffer.

The ALCAP dissector could overflow a buffer.

The statistics counter could crash Ethereal.

Ethereal could crash while reading a malformed Sniffer capture.

An invalid display filter could crash Ethereal.

The general packet dissector could crash Ethereal.

The AIM dissector could crash Ethereal.

The RPC dissector could crash Ethereal.

The DCERPC dissector could crash Ethereal.

The ASN.1 dissector could crash Ethereal.

The SMB PIPE dissector could crash Ethereal.

The BER dissector could loop excessively.

The SNDCP dissector could abort.

The Network Instruments file code could overrun a buffer.

The NetXray/Windows Sniffer file code could overrun a buffer.

The GSM SMS dissector could crash Ethereal.

The ALCAP dissector could overrun a buffer.

The telnet dissector could overrun a buffer.

ASN.1-based dissectors could crash Ethereal.

The H.248 dissector could crash Ethereal.

The DCERPC NT dissector could crash Ethereal.

The PER dissector could crash Ethereal.

New and Updated Features

The new command-line tool dumpcap makes it possible to capture network data without the drawbacks of (t)ethereal (memory usage, security problems, ...) while keeping the benefits of advanced techniques such as multiple (ringbuffer) files and the like.

The man page of dumpcap in HTML format is available at http://www.ethereal.com/docs/man-pages/dumpcap.1.html.

The source distribution of Ethereal now supports SSL, IPsec ESP, and ISAKMP decryption. (This feature has not yet been enabled in the Windows installer.)

The Windows version of Ethereal now uses native open and save file dialogs.

In related news, Ethereal now runs as a full-fledged Unicode application under Windows.

Recent versions of Ethereal were flagging packets with an incorrect TCP checksum as malformed. False positives were being triggered on systems that use TCP checksum offloading. We now check to see if the checksum is not 0x0000 before flagging the packet as malformed.
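The checksum rule described above, sketched in C as an added example (this is not Ethereal's own code). The function names, the three-way verdict and the sample segment are assumptions made for illustration, and only IPv4 is handled.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

enum csum_verdict { CSUM_OK, CSUM_UNSET, CSUM_BAD };

/* Constructed sample: 192.0.2.1:12345 -> 192.0.2.2:80, bare SYN, checksum field 0x0000. */
static const uint8_t SAMPLE_SRC[4] = { 192, 0, 2, 1 };
static const uint8_t SAMPLE_DST[4] = { 192, 0, 2, 2 };
static const uint8_t SAMPLE_SEG[20] = {
    0x30, 0x39, 0x00, 0x50, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00,
    0x00, 0x00, 0x50, 0x02, 0x20, 0x00, 0x00, 0x00, 0x00, 0x00 };

/* Add a byte run to a running sum as big-endian 16-bit words (RFC 1071). */
static uint32_t sum_words(const uint8_t *p, size_t len, uint32_t sum) {
    for (size_t i = 0; i + 1 < len; i += 2)
        sum += ((uint32_t)p[i] << 8) | p[i + 1];
    if (len & 1)
        sum += (uint32_t)p[len - 1] << 8;   /* odd trailing byte, zero-padded */
    return sum;
}

/* One's-complement sum over the IPv4 pseudo-header plus the segment, inverted.
 * Returns 0 when the checksum stored in the segment verifies. */
uint16_t tcp_csum_residual(const uint8_t src[4], const uint8_t dst[4],
                           const uint8_t *seg, size_t len) {
    uint32_t sum = sum_words(src, 4, 0);
    sum = sum_words(dst, 4, sum);
    sum += 6 + (uint32_t)len;               /* protocol number (TCP) and TCP length */
    sum = sum_words(seg, len, sum);
    while (sum >> 16)
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Only a non-zero checksum field that fails verification is reported as bad. */
enum csum_verdict classify_tcp_csum(const uint8_t src[4], const uint8_t dst[4],
                                    const uint8_t *seg, size_t len) {
    if (len < 20 || len > 65535)
        return CSUM_BAD;                    /* not a complete TCP header */
    if (tcp_csum_residual(src, dst, seg, len) == 0)
        return CSUM_OK;
    return (seg[16] == 0 && seg[17] == 0) ? CSUM_UNSET : CSUM_BAD;
}

int main(void) {
    printf("verdict=%d\n", (int)classify_tcp_csum(SAMPLE_SRC, SAMPLE_DST, SAMPLE_SEG, 20));
    return 0;
}
```

A segment captured on the sending host before the NIC has filled in the checksum lands in `CSUM_UNSET` rather than being reported as malformed.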